Why CISOs in business services must close the edge security gap

Cloud adoption is speeding ahead in the business services sector, but security for remote and edge environments is falling behind. At the same time, generative AI is moving into daily workflows faster than most IT teams are prepared for. Those are the key takeaways from a new Aryaka survey of more than 100 North American IT and infrastructure leaders in finance, legal, consulting, and HR services.

The report found that most firms have embraced hybrid cloud models, with 74 percent hosting applications in mixed environments and 65 percent actively migrating legacy applications. Improving application and SaaS performance, gaining security and network observability, and simplifying IT operations rank as top priorities. Securing SaaS and public cloud applications is also high on the list.

Despite this, only 38 percent of respondents said edge security is “mission-critical.” Given the heavy reliance on SaaS and remote work, that leaves significant room for exposure.

Srinivasa Addepalli, CTO of Aryaka, told Help Net Security the risks are not theoretical. “When zero trust enforcement is not applied consistently for users working from anywhere, the consequences can be significant. We’ve seen this affect the ability to detect and block sensitive data transfers to and from SaaS applications, control shadow IT usage, prevent users from inadvertently pasting confidential information into prompts and protect employees from phishing attacks,” he said.

Two-thirds of respondents said they struggle to secure SaaS and public cloud applications. More than half face remote access and latency challenges. Limited internal IT staff and vendor sprawl add further pressure.

The study also shows that 34 percent of firms are evaluating or deploying GenAI, ahead of other industries. However, most have yet to solve the bandwidth, latency, and data protection issues that come with these tools. Addepalli said some organizations are making progress without slowing AI adoption.

“We’re seeing two common approaches to mitigating these risks without slowing adoption. The first is network-level MITM inspection, which can detect and block unsafe or non-compliant interactions with public chatbots. This is done by intercepting the traffic, SSL decryption, prompt and response extraction and validating them against a set of guardrails. The second is runtime inspection at the agent or chatbot level, which can identify unintended or sensitive content even within the internal logic of AI agents,” he said.

One example comes from a customer that embedded guardrails directly into their agent framework, enabling security checks at multiple points in the workflow. “This approach allowed them to maintain GenAI agility while protecting against data leakage and compliance breaches,” Addepalli said.

Interest in Secure Access Service Edge (SASE) is also growing. Forty-four percent of respondents plan to adopt it within the year to unify security and networking, improve SaaS and cloud performance, and reduce IT burdens. But budget constraints, limited IT resources, and concerns over disrupting legacy systems remain common blockers.

For CISOs, the findings highlight three priorities. First, edge security must advance alongside cloud adoption. Second, GenAI readiness needs to match the pace of deployment. Third, SASE adoption could help unify controls and reduce complexity, but only if organizations can navigate cost and change management hurdles.